CVE-2025-9362

Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 urlFilterManageRule stack-based overflow

Description

A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function urlFilterManageRule of the file /goform/urlFilterManageRule. Executing manipulation of the argument urlFilterRuleName/scheduleUrl/addURLFilter can lead to stack-based buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

References

Link	Tags
https://vuldb.com/?id.321065	vdb entry technical description
https://vuldb.com/?ctiid.321065	signature permissions required
https://vuldb.com/?submit.631534	third party advisory
https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_30/30.md	related
https://www.linksys.com/	product

Frequently Asked Questions

What is the severity of CVE-2025-9362?: CVE-2025-9362 has been scored as a medium severity vulnerability.
How to fix CVE-2025-9362?: To fix CVE-2025-9362, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-9362 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-9362 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-9362?: CVE-2025-9362 affects Linksys RE6250, Linksys RE6300, Linksys RE6350, Linksys RE6500, Linksys RE7000, Linksys RE9000.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions